Node/Sandbox: allow 'private' address

Allows any kind of 'private' listening address (as defined by IANA)
rather than only allowing `[::1]`.

Also document the error.

src/node/main/node_run_command.ml

@@ -20,7 +20,24 @@ let genesis : State.Net.genesis = {
       "ProtoGenesisGenesisGenesisGenesisGenesisGenesk612im" ;
 }
 
-type error += Nonlocalhost_sandbox of P2p_types.addr
+type error += Non_private_sandbox of P2p_types.addr
+
+let () =
+  register_error_kind
+    `Permanent
+    ~id:"main.run.non_private_sandbox"
+    ~title:"Fordidden public sandbox"
+    ~description:"A sandboxed node should not listen on public address."
+    ~pp:begin fun ppf addr ->
+      Format.fprintf ppf
+        "The node is configured to listen a public addres (%a), \
+         while only 'private' network are authorised with `--sandbox`.
+           See `%s run --help` on how to change the listening address."
+        Ipaddr.V6.pp_hum addr Sys.argv.(0)
+    end
+    Data_encoding.(obj1 (req "addr" P2p_types.addr_encoding))
+    (function Non_private_sandbox addr -> Some addr | _ -> None)
+    (fun addr -> Non_private_sandbox addr)
 
 let (//) = Filename.concat
 
@@ -93,8 +110,8 @@ let init_node ?sandbox (config : Node_config_file.t) =
     | Some addr, Some _
       when Ipaddr.V6.(compare addr unspecified) = 0 ->
         return None
-    | Some addr, Some _ when Ipaddr.V6.(compare addr localhost) != 0 ->
-        fail (Nonlocalhost_sandbox addr)
+    | Some addr, Some _ when not (Ipaddr.V6.is_private addr) ->
+        fail (Non_private_sandbox addr)
     | None, Some _ -> return None
     | _ ->
         (Node_config_file.resolve_bootstrap_addrs

src/node/net/p2p_connection_pool_types.ml

@@ -320,14 +320,13 @@ module Peer_info = struct
       let open Data_encoding in
       conv
         (fun { kind ; timestamp ; point = (addr, port) } ->
-           (kind, timestamp, Ipaddr.V6.to_string addr, port))
+           (kind, timestamp, addr, port))
         (fun (kind, timestamp, addr, port) ->
-           let addr = Ipaddr.V6.of_string_exn addr in
            { kind ; timestamp ; point = (addr, port) })
         (obj4
            (req "kind" kind_encoding)
            (req "timestamp" Time.encoding)
-           (req "addr" string)
+           (req "addr" P2p_types.addr_encoding)
            (opt "port" int16))
 
   end

src/node/net/p2p_types.ml

@@ -108,6 +108,23 @@ module Peer_id = Crypto_box.Public_key_hash
 
 (* public types *)
 type addr = Ipaddr.V6.t
+
+let addr_encoding =
+  let open Data_encoding in
+  splitted
+    ~json:begin
+      conv
+        Ipaddr.V6.to_string
+        Ipaddr.V6.of_string_exn
+        string
+    end
+    ~binary:begin
+      conv
+        Ipaddr.V6.to_bytes
+        Ipaddr.V6.of_bytes_exn
+        string
+    end
+
 type port = int
 
 module Point = struct
@@ -202,12 +219,9 @@ module Id_point = struct
 
     let encoding =
       let open Data_encoding in
-      conv
-        (fun (addr, port) -> Ipaddr.V6.to_string addr, port)
-        (fun (addr, port) -> Ipaddr.V6.of_string_exn addr, port)
-        (obj2
-           (req "addr" string)
-           (opt "port" uint16))
+      (obj2
+         (req "addr" addr_encoding)
+         (opt "port" uint16))
 
   end
 

src/node/net/p2p_types.mli

@@ -45,6 +45,7 @@ end
 type addr = Ipaddr.V6.t
 type port = int
 
+val addr_encoding : addr Data_encoding.t
 
 (** Point, i.e. socket address *)